Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/34352e3133312e3130362e302f32342d3234203d3e2035353131.roa
File:                     34352e3133312e3130362e302f32342d3234203d3e2035353131.roa (raw, json)
Hash identifier:          8hYXaidX9HWUQR0BodKQVVCy3Dcf8P5dNuunmK1ZwdM=
Subject key identifier:   4C:52:62:7C:3A:A3:1D:89:06:6A:46:AE:FC:F6:D4:58:5A:12:4B:33
Certificate issuer:       /CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
Certificate serial:       33199D0047611973F3C59EFC77DF5D2580A4E618
Authority key identifier: 7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/34352e3133312e3130362e302f32342d3234203d3e2035353131.roa
Signing time:             Fri 20 Mar 2026 11:50:27 +0000
ROA not before:           Fri 20 Mar 2026 11:45:27 +0000
ROA not after:            Fri 19 Mar 2027 11:50:27 +0000
asID:                     5511
IP address blocks:        45.131.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:19:9d:00:47:61:19:73:f3:c5:9e:fc:77:df:5d:25:80:a4:e6:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
        Validity
            Not Before: Mar 20 11:45:27 2026 GMT
            Not After : Mar 19 11:50:27 2027 GMT
        Subject: CN=4C52627C3AA31D89066A46AEFCF6D4585A124B33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:aa:63:81:3b:91:e0:e2:13:0c:d1:20:26:60:
                    a5:b8:4a:af:2f:79:c8:73:c9:84:c6:30:d8:b9:8a:
                    c7:23:50:87:9b:26:f0:8b:c5:73:97:f7:36:89:bd:
                    9f:b7:9b:cd:dd:bc:ec:24:48:95:8e:5b:da:79:15:
                    df:7f:ff:4e:32:87:2c:39:36:26:93:00:c1:76:33:
                    6d:8b:6f:e8:69:eb:7c:ac:e1:c1:e2:53:d3:12:81:
                    5d:66:b7:40:3c:57:78:7a:3e:ae:c0:45:ad:e6:cc:
                    62:32:7f:7d:ec:c3:95:f0:e1:cc:cb:aa:b3:83:a4:
                    13:b1:a8:1a:94:a6:3d:32:f5:3d:fc:a5:cd:5b:20:
                    8c:ac:8d:92:96:d9:d4:b5:19:de:9e:8a:a7:79:16:
                    66:81:b6:d4:f7:4e:b7:3e:f6:6c:96:10:06:2c:57:
                    20:86:9d:28:14:69:88:e0:6b:3a:d2:46:24:86:38:
                    86:14:82:a1:b6:7c:ea:2e:cf:94:88:bf:66:92:7a:
                    24:22:67:e6:5d:5e:12:15:af:75:c6:cb:3c:e4:c2:
                    5b:ed:21:5c:66:2d:f7:29:ad:f9:45:14:b1:80:d3:
                    9f:17:4a:58:2e:fd:1f:e0:c9:d2:97:df:65:23:dd:
                    a8:6f:ec:21:ce:29:d8:5b:f4:5d:20:4f:7b:4d:0c:
                    01:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:52:62:7C:3A:A3:1D:89:06:6A:46:AE:FC:F6:D4:58:5A:12:4B:33
            X509v3 Authority Key Identifier:
                keyid:7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/34352e3133312e3130362e302f32342d3234203d3e2035353131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:48:5f:3d:38:46:29:25:01:05:45:da:84:a1:40:db:0e:80:
         0a:dd:f0:57:35:89:2e:37:3d:86:e5:41:26:cc:1e:a4:b9:f6:
         8b:b3:2e:95:d4:4b:ab:64:ac:76:dc:bd:e6:51:24:a3:7e:02:
         b0:9e:96:b2:39:c1:b9:f4:1e:08:8b:30:59:15:02:a7:6e:39:
         08:53:fd:24:26:20:81:22:c7:b2:fd:d2:29:cb:10:e5:8f:f5:
         d6:97:72:58:dd:0b:0e:ec:f7:a9:f9:03:b0:f1:e7:4c:84:8b:
         35:7d:93:a9:87:44:66:a6:e0:b9:dd:ee:9a:a9:2f:26:e2:d2:
         2f:3f:1f:43:e5:48:82:01:70:8e:4f:cf:f2:51:22:b0:e7:4e:
         79:f2:8c:e4:39:ca:16:48:fa:d5:1f:49:48:e2:78:8f:04:03:
         1f:a4:53:5e:35:b4:a0:15:7e:8e:0d:4c:28:ec:5f:1e:93:23:
         75:e5:ff:ff:52:bd:3c:00:06:cc:13:fb:a0:38:14:23:9e:0c:
         62:e8:85:bf:f3:0f:38:cc:9a:42:0b:85:1f:c4:ea:9c:12:a4:
         86:50:08:a0:7d:dc:f8:c3:7e:6f:84:f3:06:13:88:58:b6:aa:
         e6:09:72:e4:bb:bf:a5:32:45:33:77:2c:13:4e:18:f7:1f:76:
         0a:d5:05:2f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMxmdAEdhGXPzxZ78d99dJYCk5hgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2ZlYTM3ZmRmZTI5YjM0MTczZTk3ZjFiNjM3YTQ0ZWM0
MWFjZWJiODAeFw0yNjAzMjAxMTQ1MjdaFw0yNzAzMTkxMTUwMjdaMDMxMTAvBgNV
BAMTKDRDNTI2MjdDM0FBMzFEODkwNjZBNDZBRUZDRjZENDU4NUExMjRCMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFqmOBO5Hg4hMM0SAmYKW4Sq8v
echzyYTGMNi5iscjUIebJvCLxXOX9zaJvZ+3m83dvOwkSJWOW9p5Fd9//04yhyw5
NiaTAMF2M22Lb+hp63ys4cHiU9MSgV1mt0A8V3h6Pq7ARa3mzGIyf33sw5Xw4czL
qrODpBOxqBqUpj0y9T38pc1bIIysjZKW2dS1Gd6eiqd5FmaBttT3Trc+9myWEAYs
VyCGnSgUaYjgazrSRiSGOIYUgqG2fOouz5SIv2aSeiQiZ+ZdXhIVr3XGyzzkwlvt
IVxmLfcprflFFLGA058XSlgu/R/gydKX32Uj3ahv7CHOKdhb9F0gT3tNDAHVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUTFJifDqjHYkGakau/PbUWFoSSzMwHwYDVR0j
BBgwFoAUf+o3/f4ps0Fz6X8bY3pE7EGs67gwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWItZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkz
YTlkLzAvN0ZFQTM3RkRGRTI5QjM0MTczRTk3RjFCNjM3QTQ0RUM0MUFDRUJCOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YtbzNfZjRwczBGejZYOGJZM3BFN0VH
czY3Zy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWIt
ZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkzYTlkLzAvMzQzNTJlMzEzMzMxMmUzMTMw
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTM1MzEzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2D
ajANBgkqhkiG9w0BAQsFAAOCAQEAb0hfPThGKSUBBUXahKFA2w6ACt3wVzWJLjc9
huVBJswepLn2i7MuldRLq2Ssdty95lEko34CsJ6WsjnBufQeCIswWRUCp245CFP9
JCYggSLHsv3SKcsQ5Y/11pdyWN0LDuz3qfkDsPHnTISLNX2TqYdEZqbgud3umqkv
JuLSLz8fQ+VIggFwjk/P8lEisOdOefKM5DnKFkj61R9JSOJ4jwQDH6RTXjW0oBV+
jg1MKOxfHpMjdeX//1K9PAAGzBP7oDgUI54MYuiFv/MPOMyaQguFH8TqnBKkhlAI
oH3c+MN+b4TzBhOIWLaq5gly5Lu/pTJFM3csE04Y9x92CtUFLw==
-----END CERTIFICATE-----